On Mon, 10 Feb 2020 at 16:19, Tony Finch <d...@dotat.at> wrote:

> When I was working out how a SHA-1 attack could work with TXT records,
> (https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html)
> one of the problems was that the collision blocks in the best attack so
> far are 588 bytes, which is too big to fit into a single TXT string. So
> there will be length bytes inside the collision blocks which can't easily
> be controlled by the attacker. The solution is to append 255 zero bytes
> which is enough to fill the tail end of any string specified by the last
> length byte in the collision blocks, and any excess zero bytes get treated
> as a sequence of empty strings.

The troublesome length bytes can be avoided by (ab)using a generic URI
RR instead:

    64kilobeef. TYPE256 \# 8 deadbeefdeadbeef

which allows arbitrary content (3 < length < ~64k).
Note that the URI target text occupies the remaining RDATA after the
weight field.


DNSOP mailing list

Reply via email to